1. Friday Squid Blogging: COVID Relief Funds

    A town in Japan built a giant squid statue with its COVID relief grant.

    One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for “urgent support,” such as for medical staff and long-term care facilities.

    But a spokesperson for the town told Fuji News Network that the statue would be a tourist attraction and part of a long term strategy to help promote Noto’s famous flying squid.

    I am impressed by the town’s sense of priorities.

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered...

  2. Teaching Cybersecurity to Children

    A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity:

    The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such as date of birth or full names with strangers, and that they should consult parents or guardians before entering personal information online.

    Six-and-seven-year-olds will be taught how to use usernames and passwords, and the pitfalls of clicking on pop-up links to competitions.

    By the time kids are in third and fourth grade, they’ll be taught how to identify the personal data that may be stored by online services, and how that can reveal their location or identity. Teachers will also discuss “the use of nicknames and why these are important when playing online games.”...

  3. The Story of Colossus

    Nice video of a talk by Chris Shore on the history of Colossus.

  4. New Spectre-Like Attacks

    There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago.

    Details:

    The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains in a writeup from the University of Virginia. Even though the processor quickly realizes its mistake and does a U-turn to go down the right path, attackers can get at the private data while the processor is still heading in the wrong direction...

  5. Tesla Remotely Hacked from a Drone

    This is an impressive hack:

    Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi. It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes — in short, pretty much what a driver pressing various buttons on the console can do. This attack does not yield drive control of the car though...

  6. Identifying the Person Behind Bitcoin Fog

    The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years.

    Identifying the person behind Bitcoin Fog serves as an illustrative example of how hard it is to be anonymous online in the face of a competent police investigation:

    Most remarkable, however, is the IRS’s account of tracking down Sterlingov using the very same sort of blockchain analysis that his own service was meant to defeat. The complaint outlines how Sterlingov allegedly paid for the server hosting of Bitcoin Fog at one point in 2011 using the now-defunct digital currency Liberty Reserve. It goes on to show the blockchain evidence that identifies Sterlingov’s purchase of that Liberty Reserve currency with bitcoins: He first exchanged euros for the bitcoins on the early cryptocurrency exchange Mt. Gox, then moved those bitcoins through several subsequent addresses, and finally traded them on another currency exchange for the Liberty Reserve funds he’d use to set up Bitcoin Fog’s domain...

  7. Friday Squid Blogging: On Squid Coloration

    Nice excerpt from Martin Wallin’s book Squid.

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read my blog posting guidelines here.

  8. Serious MacOS Vulnerability Patched

    Apple just patched a MacOS vulnerability that bypassed malware checks.

    The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what do rather than doing it itself—and didn’t include a standard application metadata file called “info.plist,” he could silently run the app on any Mac. The operating system wouldn’t even give its most basic prompt: “This is an application downloaded from the Internet. Are you sure you want to open it?”...

  9. Identifying People Through Lack of Cell Phone Use

    In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance:

    After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd, detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.

  10. Second Click Here to Kill Everybody Sale

    For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping.

    I have 600 copies of the book available. When they’re gone, the sale is over and the price will revert to normal.

    Order here.

    Please be patient on delivery. It’s a lot of work to sign and mail hundreds of books. I try to do some each day, but sometimes I can’t. And the pandemic can cause mail slowdowns all over the world.

Copyright © 2021 • All Rights Reserved.Sensible Voice, LLC
1 High Street • Brandon, VT 05733 • Contact Us • Privacy Policy